[tor-relays] clarification on what Utah State University exit relays store ("360 gigs of log files")

Dave Warren davew at hireahit.com
Fri Aug 14 02:23:08 UTC 2015


On 2015-08-13 19:00, Aaron Hopkins wrote:
> I try to avoid storing any raw per-flow data to disk. At the scale I'm
> operating, I can't store it for very long, and walking through it again is
> too slow. If I wanted to throw more hardware at netflow log processing,
> it's at least possible to do, though. Of the people I've heard doing this,
> they are mostly paranoid companies (not ISPs) who want to be able to trace
> security incidents after the fact.

I was surprised how many companies had enough traffic to retroactively 
determine whether HEARTBLEED had previously been exploited. Neat, but 
scary.

-- 
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren



